@jaredbusch said in What Are You Doing Right Now:

@wrcombs said in What Are You Doing Right Now:

@eddiejennings said in What Are You Doing Right Now:

@wrcombs said in What Are You Doing Right Now:

Horrible day at the office- my manager and I have so little to do , that we have sat here and talked about how little we have to do - after I asked him if there was anything that needed to be worked on and if there was anyway I could get extra hours cause I'm not making very much on a straight 80 pay period.. needless to say I'm extremely bored.

There's always something that needs to be turned into a script.

I should probably learn how to script first ( i dont want to be a script kiddy)

That's how you start. You go take something that exists and then tear it apart and understand it.

I still do that

@scottalanmiller said in NG AV / Endpoint Protection in 2021:

I think for 90% or more, it is plenty. It's a rare shop that has some valuable action to take when they find out that the AV caught something. Most times it just wastes resources and causes people to start ignoring it. In theory, it's great to have, and that's what a SIEM is for, for sure. But most shops can't do things like test patches or look over logs, they just don't have the resources or knowledge. So getting them maximum benefit at minimum cost is critical and allowing them as much time as possible to deal with meaningful problems.

That's why you need alerts in addition to logs. You need your alerts to have low noise so you actually can respond to them. I do think keeping logs is important even if it's just for forensics after the fact.

@dashrender said in NG AV / Endpoint Protection in 2021:

@stacksofplates said in NG AV / Endpoint Protection in 2021:

@irj said in NG AV / Endpoint Protection in 2021:

Also I think centralized policy management is against the concept of zero trust. We should not br whitelisting anything, because it does not fit zero trust model. In an ideal world we are using web applications which require no exceptions.

We need to get out of the mindset that poorly created applications are ok to use. But by off chance we need to make AV exceptions for a shitty app we should be able to do that for the entire organization through configuration management tool. It should be so rare and there should be no onsie or twosie exceptions (so no need for policy management).

I agree 100%. But I still think you need reliable reporting on when things do pop up. I don't think just knowing the AV is up to date or not is enough. And you're right, an SIEM will do that for you.

Most small shops or even medium shops are going to have SIEM.

It makes a hell of a lot of sense when you can save $10 a month per user and use standard windows defender, but you're right SMB don't do things that are logical and cannot see big picture.

Also I think centralized policy management is against the concept of zero trust. We should not br whitelisting anything, because it does not fit zero trust model. In an ideal world we are using web applications which require no exceptions.

We need to get out of the mindset that poorly created applications are ok to use. But by off chance we need to make AV exceptions for a shitty app we should be able to do that for the entire organization through configuration management tool. It should be so rare and there should be no onsie or twosie exceptions (so no need for policy management).

What is centralized AV?
AV status, alerting, and policy management

A SIEM and HIDS solution provide the first two for you and there are so many mechanisms which you can use to handle policies like powershell, salt, Ansible, etc.

@irj said in New hire, make him build his own pc?:

@gjacobse said in New hire, make him build his own pc?:

@obsolesce said in New hire, make him build his own pc?:

@mr-jones said in New hire, make him build his own pc?:

We have an HP Z440 workstation sitting on the shelf, that I was about to configure for him, but I had the idea of "why don't I just make him figure it out"

Because when someone starts a new job, they should have a functional system and work area waiting for them.

If you feel a need to train him in putting together a workstation, I'm sure you can do that too, but why have him start a new job without a functional system?

I agree and disagree.

Most times, all the access and such isn't there yet. So what else are they to do? This at least gives them something to work on while things are being set up.

ETA: I started 28 Jun 2021, I am still getting access to systems I will be supporting.... I'm also having to create some of that documentation... but - that's another story.

Lack of documentation and consistency between deployments of equipment creates problems. I've been with enough organizations to realize setting up my own PC just shows a failure in their current process. Also, giving a brand new user local admin rights to setup their PC is poor security practice. Really no user should be running their system as admin or root. If they need software installed, it should already be approved and packaged for them in most cases.

I get that IT employees need more software than typical user, but there should be documentation for IT admin tools and even packages to deploy them in most cases.

TLDR - Making someone setup their own workstation isn't the flex you think it is.

@gjacobse said in New hire, make him build his own pc?:

@obsolesce said in New hire, make him build his own pc?:

@mr-jones said in New hire, make him build his own pc?:

We have an HP Z440 workstation sitting on the shelf, that I was about to configure for him, but I had the idea of "why don't I just make him figure it out"

Because when someone starts a new job, they should have a functional system and work area waiting for them.

If you feel a need to train him in putting together a workstation, I'm sure you can do that too, but why have him start a new job without a functional system?

I agree and disagree.

Most times, all the access and such isn't there yet. So what else are they to do? This at least gives them something to work on while things are being set up.

ETA: I started 28 Jun 2021, I am still getting access to systems I will be supporting.... I'm also having to create some of that documentation... but - that's another story.

Lack of documentation and consistency between deployments of equipment creates problems. I've been with enough organizations to realize setting up my own PC just shows a failure in their current process. Also, giving a brand new user local admin rights to setup their PC is poor security practice. Really no user should be running their system as admin or root. If they need software installed, it should already be approved and packaged for them in most cases.

I get that IT employees need more software than typical user, but there should be documentation for IT admin tools and even packages to deploy them in most cases.

Hopefully the process is already documented. If it isn't documented yet, that is something that should have already been done. Nothing wrong with having someone following a documented process.

If not documented currently, it's just a huge annoyance and hindrance to doing his actual job. You could use this as an opportunity to guide him and have him document the process, however.

Also the more I think about it...

1. Why do additional notes need to be in the same file?

2. How are these documents being stored and accessed? Is there any type of software being used to access customer information and documents?

Have you tried a tool like PDF escape? You can do some free editing online with it, but they do offer paid versions which probably make sense if it's something that is done frequently.

There's always the option to buy a license from evil Adobe as well. $15 a month is better than wasting hours every month dealing with it.

@dustinb3403 said in Apple plans to scan your images for child porn:

These are the important bits, to summarize, Apple is scanning your local files, to generate Hash files of the content on your phone, which then if its uploaded to iCloud, starts "counting against you" (tinfoil hat bit there) and then if you hit a threshold, then a human at apple reviews the potential CSAM content and confirms it, locks your account and calls the authorities.

AKA Apple is surfing the web for child porn for their own kicks.

Apple’s method of detecting known CSAM is designed with user privacy in mind. Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes provided by NCMEC and other child safety organizations. Apple further transforms this database into an unreadable set of hashes that is securely stored on users’ devices.

Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes. This matching process is powered by a cryptographic technology called private set intersection, which determines if there is a match without revealing the result. The device creates a cryptographic safety voucher that encodes the match result along with additional encrypted data about the image. This voucher is uploaded to iCloud Photos along with the image.

Using another technology called threshold secret sharing, the system ensures the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content. The threshold is set to provide an extremely high level of accuracy and ensures less than a one in one trillion chance per year of incorrectly flagging a given account.

Only when the threshold is exceeded does the cryptographic technology allow Apple to interpret the contents of the safety vouchers associated with the matching CSAM images. Apple then manually reviews each report to confirm there is a match, disables the user’s account, and sends a report to NCMEC. If a user feels their account has been mistakenly flagged they can file an appeal to have their account reinstated.

I'm sure law enforcement is providing the hashes.

I guess if you just give it to the liberty data folder it's not as bad. It's amazing how shitty software can be though. It sucks that %PROGRAMDATA% folder has been around since Windows 7 and this vendor still can't figure out how to leverage it properly.

If I'm understanding correctly, this is a huge security risk.

Are you considering giving everyone full write access to %PROGRAMDATA%?

@gjacobse said in Icacls: Granting WO access to folder:

@eddiejennings said in Icacls: Granting WO access to folder:

But there's more to the story it seems. Are you needing to share the %PROGRAMDATA% folder over the network

No - the folder doesn't need to be shared. The DB on the server - needs the path mapped.

Please tell me this is a joke.

@wrcombs said in Point of Sale System Recommendations, POS:

@stacksofplates said in Point of Sale System Recommendations, POS:

@wrcombs said in Point of Sale System Recommendations, POS:

I've 'programmed' thousands of alcoholic drinks, different liquors, shots etc. into Aloha Systems

If you have to develop code to add drinks into their systems, I'd rather not use the tool. That seems so over the top. Do they support a lot of languages? Seems limiting.

It's not actual programming code that's why i used the 'programming' as that is what it is called in the field.
Really it's just data entry of products, adding items through the GUI.

That kind of reminds me of "programming printers"

https://mangolassi.it/topic/10680/programming-printers?page=1

Use SSH keys and whitelist your IP using Vultr firewall. When your IP changes, login to vultr console and add it.

Much safer and way easier.

@dustinb3403 said in O365: KUDOS:

This is simply skirting that tax liability

@dustinb3403 said in O365: KUDOS:

It is to a participation trophy, because you're paid to do a job, this simply acknowledges that you went above and beyond with some pictures or whatever.

Since you have no idea what a participation trophy is or what it means...

https://lmddgtfy.net/?q=What's a participation trophy%3F

@dustinb3403 said in O365: KUDOS:

I think you must find these to be important, why else would you defend the practice?

I find that businesses should do things where they pay very little out of pocket and gain alot of morale from it. I've been given these awards before and I find them very encouraging. Even $25 feels like a great gesture and is above and beyond what your company has to do.

@dustinb3403 said in O365: KUDOS:

@pete-s I guess, still seems like "participation trophies". I'm at the point where I'd rather just have the cash or time off and not deal with this kind of game.

It's not a participation trophy, because everyone gets a participation trophy. This is actually earned, and the acknowledgement is worth it to company and to employees.